Hi all,
After update of avast. he detect virus in “pcsws.exe”. This “exe” is part of “eServer iSeries Access For Windows by IBM”
This software by IBM is installed on all computers in my network.
please chek this problem! without this "pcsws.exe program does not work.
If you have questions about debugging the problem I am available.
Can I tell ADNM, that exe is not a virus?
Thanks!
Best regards,
Bojidar Pachovski
Mobel Ludwig Bulgaria GmbH
I confirm that pcsws.exe is not a virus
I hope that avast quickly repair this error because many many societies have this software to permit emulation beetween Iseries (AS400,IBM) and PC !!!
Perhaps the cause is PCSWS.EXE is and old program (for Windows 98) but it worked before the update today
Yes starmag!
it worked before the update today
to work with the program were forced to kill “aswServ.exe”
hopefully sooner than avast! to make adjustments for this use of IBM
Sorry for my bad english !
–––––––––
I hope I’m useful. will upload the file in question.
I put a ticket in it I put the file
Ticket ID: LRG-663923
Sorry for my bad english !
The solution is like every “false positive” to do the “File System Shield, Expert Settings, Exclusions, Add” job with c:\program files\ibm\client access\emulator\pcsws.exe" but it’s a shame that happened with a program perfectly harmless and so current !
ps:sorry for my english too! i’m french 
The solution for any false positive is to confirm it is an FP before excluding the file:
You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
La solucion del problema es cambiar de version de Iseries. de la version V5R3 en adelante no tiene ese problema. el pcsws.exe no lo detecta como virus…
Saludos espero les sirva
yes you’re right; my as400 is in V5R2
the problem is that how to change OS400 version in a weekend?
my users will need their pcs400 Monday!
i’m not alone in that case ; few people work here today, it’s saturday
tomorrow, sunday, nobody work here in france
But monday, the problem will be very important for many business (well those who use avast)
The sample needs to be confirmed as an FP using VirusTotal as I mentioned above and reported/sent to avast.
avast4 - Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
avast5 - Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
I don’t use the ADNM version so I hope the above settings, etc are correct or you can adapt them to it or the client systems.
el pcsws.exe lo usas solo para el emulator. Copia solo la carpeta emulator de una version V5R3 a la actual con eso funciona.
es por si no soluciona pronto avast el problema
asi solucionamos nosotros el problema…
:-\
Saludos.
hi DavidR,
thanks for you help.
I did a few things from the elections of you:
this: (select the file, right click, email to Alwil Software).
or this: You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Reports here it is: http://dox.abv.bg/files/fdw?eid=53525641
and more… and more… but…
Аfter update of a VPS 100130-0 to 100130-1 already have no problem with “pcsws.exe”
not detect it as virus!
if the problem had occurred during working hours from Monday to Friday colleagues would probably make me embark on the gallows ;D
Thank you all for your help!
Where can I download a new version V5R3 … V5R4 maybe? I have one page of IBM and I do not know if you can not download from there a new version of the client.
Any ideas?
Thank you!
You’re welcome.
It looks like you weren’t alone in this detection and it had already been submitted to avast and the signature corrected. They usually are quick to correct when a detection is acknowledged as a false positive.
So no gallows today then ;D
version of avast returned from 100130-1 to 100130-0; now everything is normal and no problem with the application of IBM.
I confirm it works now
Thank you ALWIL, you’re great professionals! Very reactive ! 
Thanks for the feedback guys.
Hey all, there seems to be a regression on this file. Comes up as Win32:Malware-gen with VPS 110204-0, 02/04/2011.
I really hope this is fixed. We are about to deploy avast to our largest customer soon, and they also use the iSeries Access software with their AS400, and this will have disastrous results. I can provide a copy of the Client Access software if it would help :-\
Just ran a scan now, and it seems to be fixed. VPS 110205-1, 02/05/2011.